What is Time Based One Time Password (TOTP)? – Definition, and More
The TOTP process is an extension of the HOTP, which generates a unique password by taking the uniqueness of the current time.
TOTP token services depend on a physical device, rather than a telephone number.
And also, it has compatibility with a variety of applications such as Google Authenticator, Microsoft Authenticator, and password managers.
Also Read: What Is APR (Annual Percentage Rate)? How Does It Work?
How is the time-based one-time password algorithm work?
- The time-based one-time password algorithm uses the keyed hash message authentication code (HMAC) to calculate the time-dependent passwords.
- A secret key agreed between the user and the system to log in and time information coordinated between the user and the system.
- The Unix time, which counts the seconds since January 1, 1970, 00:00 UTC, serves as time information.
- The number of seconds rounded to 30 seconds. The algorithm generates a hash value from this rounded number and the secret key.
- It is shortened to a particular bit length and displayed using a modulo operation as a six or eight-digit decimal number.
- If there is no sufficiently synchronized and precise time information available, the authentication fails.
What is the Difference between HOTP and TOTP?
- In addition to TOTP, the so-called HMAC-based One-time Password (HOTP) is another method for generating one-time passwords.
- To generate the one-time password to the secret key, it is not the rounded second value, but it uses an event-controlled counter.
- The counter increases by one for the generation of each new password. The counter on the server also increases after each successful authentication.
- Since the counters can diverge with this method and it cannot be synchronized, and the servers generally accept a number of one-time passwords.
- Only when the one-time password is outside the window does the authentication fail.
What is the Use of the TOTP algorithm for two-factor authentication?
TOTP often used to create a further authentication feature in the context of two-factor authentication.
- It generates a unique hardware token or an app on the user’s smartphone.
- Thanks to TOTP, the time-dependent one-time password can only be used for a limited time.
- Since unauthorized persons can have a one-time password and it is valid for a short time, two-factor authentication via TOTP considers being extremely secure.
- However, the secret key for generating the passwords must not disclose to unauthorized persons.
Also Read: What is Alexa? – Definition,Types, Privacy, and More
5 DevOps Tools To Accelerate Your Enterprise Deployment
There are several DevOps tools to accelerate your enterprise deployment. Certainly, the software development market has been growing steadily due…
Why You Should Launch Your E-Commerce Business Now
Launch Your E-Commerce Business E-Commerce is a big business, with global sales in the trillions every year. And part of…